Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/WvZUTqnUJrfxPwj7etIyxS5XtG0.roa
File:                     WvZUTqnUJrfxPwj7etIyxS5XtG0.roa (raw, json)
Hash identifier:          tjBBu94qUSlvnCT5HDdgFpmfyKhqmKvNYxBumfbCE8U=
Subject key identifier:   5A:F6:54:4E:A9:D4:26:B7:F1:3F:08:FB:7A:D2:32:C5:2E:57:B4:6D
Certificate issuer:       /CN=bc8e918876665cb5838a2f7d28d7476113396ef4
Certificate serial:       019C7BA7E675946F83DE83D2B911F5A77D6E
Authority key identifier: BC:8E:91:88:76:66:5C:B5:83:8A:2F:7D:28:D7:47:61:13:39:6E:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vI6RiHZmXLWDii99KNdHYRM5bvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/WvZUTqnUJrfxPwj7etIyxS5XtG0.roa
Signing time:             Fri 20 Feb 2026 15:25:26 +0000
ROA not before:           Fri 20 Feb 2026 15:25:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15763
IP address blocks:        149.232.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/vI6RiHZmXLWDii99KNdHYRM5bvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/vI6RiHZmXLWDii99KNdHYRM5bvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vI6RiHZmXLWDii99KNdHYRM5bvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7b:a7:e6:75:94:6f:83:de:83:d2:b9:11:f5:a7:7d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc8e918876665cb5838a2f7d28d7476113396ef4
        Validity
            Not Before: Feb 20 15:25:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5af6544ea9d426b7f13f08fb7ad232c52e57b46d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3b:d1:9c:a2:1c:68:c5:03:c2:c5:47:60:31:
                    60:a3:b5:31:57:c2:58:b9:69:2a:e2:2e:4b:0f:5e:
                    94:72:e4:80:0c:0c:e9:68:41:66:a9:41:85:20:bc:
                    1d:f5:f5:2d:b3:ff:7d:e0:fe:d4:9e:df:1d:98:9b:
                    5d:7d:2e:fd:21:ff:ee:f0:64:aa:fa:29:dc:86:10:
                    91:d4:27:fd:d8:11:eb:e4:2f:cf:43:9d:1d:51:5b:
                    aa:b9:7a:22:74:e9:07:9a:2d:82:be:f0:33:0d:5c:
                    e4:94:74:b8:2f:27:38:97:99:68:6f:22:d1:5c:24:
                    b7:43:79:05:78:80:6b:78:47:2d:98:59:fb:7e:f5:
                    14:66:c9:31:25:58:74:6f:5e:06:08:c7:19:07:7a:
                    e1:09:9e:9c:fc:fa:9b:8d:54:56:80:26:ae:f4:22:
                    c2:17:14:61:5b:76:12:02:7d:a7:a4:93:54:6a:40:
                    85:3d:8d:57:88:87:a5:d8:bd:ee:a7:07:06:18:73:
                    01:b9:6a:20:2e:e8:d0:94:c6:d2:9b:ed:fc:58:78:
                    01:1a:a3:62:9d:40:e0:2f:29:39:c7:16:ad:4e:b3:
                    4b:ac:a1:49:7e:2b:bc:38:44:95:05:5e:3c:46:99:
                    fb:f2:1e:1d:c5:98:bb:8c:cd:ee:53:4d:53:c3:45:
                    4a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:F6:54:4E:A9:D4:26:B7:F1:3F:08:FB:7A:D2:32:C5:2E:57:B4:6D
            X509v3 Authority Key Identifier:
                keyid:BC:8E:91:88:76:66:5C:B5:83:8A:2F:7D:28:D7:47:61:13:39:6E:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vI6RiHZmXLWDii99KNdHYRM5bvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/WvZUTqnUJrfxPwj7etIyxS5XtG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/vI6RiHZmXLWDii99KNdHYRM5bvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1f:d1:ee:31:dd:aa:62:a2:98:5a:e2:81:34:3e:d6:5f:ce:53:
         b2:15:dc:f1:d7:35:aa:6c:47:47:49:ed:e7:4a:dc:24:58:53:
         0f:9b:0d:62:8e:82:08:44:dd:a8:f9:4a:cf:47:f7:68:d4:81:
         e2:c3:7f:80:55:48:3a:ad:21:46:d3:ed:bb:0a:e0:f4:c0:ab:
         8f:2d:3d:7a:0b:1d:5b:d0:56:c8:ab:45:51:56:7e:0b:6e:4e:
         21:a6:dd:a3:51:b6:37:44:bf:e0:72:b1:29:46:b2:84:2b:e6:
         18:e8:53:c2:e1:e0:9d:24:5e:6c:54:51:66:91:70:43:f7:48:
         cf:8a:e0:e3:7e:eb:af:78:5c:b7:73:aa:2c:cd:ae:00:c5:14:
         c7:83:7f:c5:1a:9c:50:be:c6:18:a5:6f:19:10:b9:3e:d8:49:
         c3:57:4a:75:64:5c:60:7c:14:44:9f:18:d8:c1:8c:2a:0f:d1:
         85:9c:0a:1e:8e:22:ce:4b:db:0f:56:84:3b:28:69:ea:85:03:
         29:58:bd:33:b7:48:11:b1:cb:69:67:c0:dd:94:bd:f7:9d:c0:
         10:52:6c:c5:93:81:e4:68:05:d8:ac:12:bf:59:92:4a:ca:78:
         48:89:c3:e7:f7:cb:cb:9c:e3:a0:04:83:eb:c0:0c:75:8e:52:
         0e:68:b3:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx7p+Z1lG+D3oPSuRH1p31uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOGU5MTg4NzY2NjVjYjU4MzhhMmY3ZDI4ZDc0NzYxMTMz
OTZlZjQwHhcNMjYwMjIwMTUyNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWY2NTQ0ZWE5ZDQyNmI3ZjEzZjA4ZmI3YWQyMzJjNTJlNTdiNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjvRnKIcaMUDwsVHYDFgo7UxV8JY
uWkq4i5LD16UcuSADAzpaEFmqUGFILwd9fUts/994P7Unt8dmJtdfS79If/u8GSq
+inchhCR1Cf92BHr5C/PQ50dUVuquXoidOkHmi2CvvAzDVzklHS4Lyc4l5lobyLR
XCS3Q3kFeIBreEctmFn7fvUUZskxJVh0b14GCMcZB3rhCZ6c/PqbjVRWgCau9CLC
FxRhW3YSAn2npJNUakCFPY1XiIel2L3upwcGGHMBuWogLujQlMbSm+38WHgBGqNi
nUDgLyk5xxatTrNLrKFJfiu8OESVBV48Rpn78h4dxZi7jM3uU01Tw0VKEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFr2VE6p1Ca38T8I+3rSMsUuV7RtMB8GA1UdIwQY
MBaAFLyOkYh2Zly1g4ovfSjXR2ETOW70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkk2UmlIWm1YTFdEaWk5OUtOZEhZUk01YnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9jYmIyZTQtODhjMy00Y2MwLTk2NzUt
Yzk4YTFiZGU2NDc2LzEvV3ZaVVRxblVKcmZ4UHdqN2V0SXl4UzVYdEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9jYmIyZTQtODhjMy00Y2MwLTk2NzUtYzk4YTFiZGU2NDc2
LzEvdkk2UmlIWm1YTFdEaWk5OUtOZEhZUk01YnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQElegAMA0G
CSqGSIb3DQEBCwUAA4IBAQAf0e4x3apiopha4oE0PtZfzlOyFdzx1zWqbEdHSe3n
StwkWFMPmw1ijoIIRN2o+UrPR/do1IHiw3+AVUg6rSFG0+27CuD0wKuPLT16Cx1b
0FbIq0VRVn4Lbk4hpt2jUbY3RL/gcrEpRrKEK+YY6FPC4eCdJF5sVFFmkXBD90jP
iuDjfuuveFy3c6osza4AxRTHg3/FGpxQvsYYpW8ZELk+2EnDV0p1ZFxgfBREnxjY
wYwqD9GFnAoejiLOS9sPVoQ7KGnqhQMpWL0zt0gRsctpZ8DdlL33ncAQUmzFk4Hk
aAXYrBK/WZJKynhIicPn98vLnOOgBIPrwAx1jlIOaLOQ
-----END CERTIFICATE-----